diff options
| author | John Dennis <jdennis@redhat.com> | 2012-02-19 10:02:38 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-27 05:55:15 -0500 |
| commit | 059a90702e454b99490031bd37541304e65d35d2 (patch) | |
| tree | 4b0c896c19cbac6c3f15e9fabfe1a7558b1c5f94 /make-lint | |
| parent | 9753fd423059e8d5725ead9a90a7cf1b9e0b9b85 (diff) | |
| download | freeipa-059a90702e454b99490031bd37541304e65d35d2.tar.gz freeipa-059a90702e454b99490031bd37541304e65d35d2.tar.xz freeipa-059a90702e454b99490031bd37541304e65d35d2.zip | |
Implement session activity timeout
Previously sessions expired after session_auth_duration had elapsed
commencing from the start of the session. We new support a "rolling"
expiration where the expiration is advanced by session_auth_duration
everytime the session is accessed, this is equivalent to a inactivity
timeout. The expiration is still constrained by the credential
expiration in all cases. The session expiration behavior is
configurable based on the session_auth_duration_type.
* Reduced the default session_auth_duration from 1 hour to 20 minutes.
* Replaced the sesssion write_timestamp with the access_timestamp and
update the access_timestamp whenever the session data is created,
retrieved, or written.
* Modify set_session_expiration_time to handle both an inactivity
timeout and a fixed duration.
* Introduce KerberosSession as a mixin class to share session
duration functionality with all classes manipulating session data
with Kerberos auth. This is both the non-RPC login class and the RPC
classes.
* Update make-lint to handle new classes.
* Added session_auth_duration_type config item.
* Updated default.conf.5 man page for new session_auth_duration_type item.
* Removed these unused config items: mount_xmlserver,
mount_jsonserver, webui_assets_dir
https://fedorahosted.org/freeipa/ticket/2392
Diffstat (limited to 'make-lint')
| -rwxr-xr-x | make-lint | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -67,6 +67,7 @@ class IPATypeChecker(TypeChecker): 'ipalib.parameters.Enum': ['values'], 'ipalib.parameters.File': ['stdin_if_missing'], 'urlparse.SplitResult': ['netloc'], + 'ipaserver.rpcserver.KerberosSession' : ['api', 'log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'], 'ipalib.krb_utils.KRB5_CCache' : ['log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'], 'ipalib.session.AuthManager' : ['log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'], 'ipalib.session.SessionAuthManager' : ['log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'], |